GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-05-28 19:17:26
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\00000021 WDC_WD7500BPVT-60HXZT3 rev.01.01A01 698,64GB
Running: zdh4tonp.exe; Driver: C:\Users\Karinka\AppData\Local\Temp\kwtoquoc.sys

---- User code sections - GMER 2.2 ----

? C:\Windows\system32\wbem\wbemsvc.dll [1764] entry point in ".rdata" section 0000000072ba8fa0
? C:\Windows\SYSTEM32\BsHelpCSps.dll [1764] entry point in ".data" section 0000000010005055
? C:\Windows\SYSTEM32\iertutil.dll [4796] entry point in ".rdata" section 00000000720bcb70
? C:\Windows\SYSTEM32\BsHelpCSps.dll [4796] entry point in ".data" section 0000000003525055
? C:\Windows\SYSTEM32\BlueSoleilCSps.dll [4796] entry point in ".rdata" section 0000000003aa4085
? C:\Windows\system32\wbem\wbemsvc.dll [3416] entry point in ".rdata" section 0000000072ba8fa0
? C:\Windows\system32\apphelp.dll [3568] entry point in ".rdata" section 0000000070c60380

---- Threads - GMER 2.2 ----

Thread C:\Windows\system32\csrss.exe [656:956] fffff96141d14060

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 186565982
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a4173164308c
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 322
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05545f70-886e-4073-aed1-e8ccb6e1db30}@LeaseObtainedTime 1464451040
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05545f70-886e-4073-aed1-e8ccb6e1db30}@T1 1464454640
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05545f70-886e-4073-aed1-e8ccb6e1db30}@T2 1464457340
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05545f70-886e-4073-aed1-e8ccb6e1db30}@LeaseTerminatesTime 1464458240
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xCD 0xB7 0xA1 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xCD 0x1F 0x66 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xCD 0x4F 0xDD 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x71 0x0D 0x2A 0x00 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 63
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_ec1b7bdbb4f9fac237b0428e394a77fe4d1bcaa7_00000000_cab_1f35b8f3

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----
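The "?" lines under "User code sections" are GMER's heuristic for an image whose AddressOfEntryPoint does not fall inside a section marked executable (here ".rdata" or ".data"), which is one pattern a rootkit or packer leaves behind. To reproduce that check independently of GMER, the following added example (not GMER's code, and not part of the original log) parses the PE headers from an in-memory or on-disk image, locates the section that contains the entry point, and reports whether that section carries IMAGE_SCN_MEM_EXECUTE. It goes slightly beyond the log by handling both PE32 and PE32+ (the entry-point field sits at the same offset in both). The two sample images are constructed inline from headers only; the section layout, RVAs and function names are assumptions for illustration. Treat a hit as a lead, not a verdict: packed or unusually built legitimate modules produce the same flag, so the file should be checked for a valid Authenticode signature and compared against a known-good copy before anything is concluded.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000


def parse_pe(data):
    """Return (entry_rva, [(name, va, size, characteristics), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                      # start of the optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # AddressOfEntryPoint is at offset 16 of the optional header for both formats.
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + i * 40         # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        # Use the larger of virtual/raw size so the mapped footprint is covered.
        sections.append((name, va, max(vsize, rawsize), chars))
    return entry_rva, sections


def entry_point_section(data):
    """Return (section_name, is_executable) for the section holding the entry point.

    section_name is None when the entry point lies outside every section.
    """
    entry_rva, sections = parse_pe(data)
    for name, va, size, chars in sections:
        if va <= entry_rva < va + size:
            return name, bool(chars & IMAGE_SCN_MEM_EXECUTE)
    return None, False


def gmer_style_flag(path, data):
    """Mimic GMER's '?' line: flag images whose entry point is in a non-executable section."""
    name, executable = entry_point_section(data)
    if name is None:
        return '? %s entry point outside all sections' % path
    if not executable:
        return '? %s entry point in "%s" section' % (path, name)
    return None


def build_pe(entry_rva, sections):
    """Constructed minimal PE32+ image (headers only) for testing; not a real binary."""
    opt_size = 0xF0                           # standard PE32+ optional header size
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)     # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, va, size, 0, 0, 0, 0, 0, chars)
        for name, va, size, chars in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed sample layouts (assumed RVAs, illustrative only).
_LAYOUT = [
    (b".text", 0x1000, 0x4000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 0x5000, 0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]
NORMAL_IMAGE = build_pe(0x1234, _LAYOUT)     # entry point inside .text
SUSPECT_IMAGE = build_pe(0x5100, _LAYOUT)    # entry point inside .rdata, like the log's "?" lines

if __name__ == "__main__":
    for label, img in (("normal.dll", NORMAL_IMAGE), ("suspect.dll", SUSPECT_IMAGE)):
        print(gmer_style_flag(label, img) or "%s: entry point in executable section" % label)
```

Against a real module, read the file with `open(path, "rb").read()` and pass it to `gmer_style_flag`; for a running process, the same parser works on the mapped headers as long as the first page of the image is dumped intact.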